Insights
Publications

Twists in the Plot: California AG Releases Final CCPA Regulations

August 27, 2020 Blog

With a little time to consider the finalized California Consumer Privacy Act regulations released by the California Attorney General on August 14, 2020, it is clear that some last-minute negotiations (or perhaps just some thoughtful additional analysis) took place that led to some unexpected changes. The lion’s share of the regulation requirements have been discussed in depth, so let’s just focus on the following noteworthy changes:

  • Language for Do Not Sell Link. Prior versions enabled companies selling personal information to include a link reading “Do Not Sell My Info,” but that language is no longer acceptable and must instead read “Do Not Sell My Personal Information” as called for in the statute. (Section 999.305(b)(3))
  • Agent Verification. While requests to know and delete from an authorized agent of the data subject continue to require significant validation, where the authorized agent is merely making an opt-out request, a signed permission is sufficient verification. (Section 999.315(f))
  • Financial Incentive. The definition for “financial incentive” no longer includes payments/etc. in connection with the “retention” of personal information. Thus, in line with the statute, the requirements concerning financial incentives will not be broadened beyond those offered in connection with the “collection, deletion, or sale” of personal information. (Section 999.301(j))
  • Offline Notice. The final regulations removed the requirement that a privacy notice be provided where the business interacts with consumers offline to collect information (e.g., through an in-store, handwritten e-mail sign-up list). Businesses will instead be able to provide the notice solely on the website. If the business does not have a website, though, it would of course need to provide the notice in connection with the collection of personal data. (Section 999.306(b))
  • Opt-Out Method. The AG had provided that the method of opt-out be “easy for consumers to execute” and “require minimal steps.” While an overly-complicated opt-out procedure will likely still be found to be noncompliant, the removal of this vague language will avoid some additional uncertainty. (Section 999.315)

These changes together signal the Attorney General’s acceptance that some of the steps it had previously taken to broaden the reach of the CCPA went too far, or that clarification was necessary. The enforcement of the regulations, which has begun, will need to play out before we can understand them fully. But one thing we do know is that the regulations will be short-lived and will require significant overhaul if the California Privacy Rights Act of 2020 ballot initiative passes in November and becomes law in 2023. Stay tuned.

Firm Highlights

Publication

Uber’s Former Chief Security Officer Found Guilty of Obstruction For Coverup of Data Breaches

On October 5, 2022, after a monthlong jury trial, former Uber Chief Information Security Officer Joseph Sullivan was found guilty of obstructing proceedings of the Federal Trade Commission (FTC) and misprision of a felony...

Read More
Publication

Employee Data under the CCPA: Expiration of Employer Exemptions Requires Compliance as of January 1, 2023

Since the California Consumer Privacy Act (“CCPA”) was passed in 2018, employers have been watching carefully to see how the law will apply to data collected and maintained about their employees. Up until now, ...

Read More
Publication

Platform Ecosystems: Computer Fraud and Abuse Act and Other Scraping Law Developments (Webinar)

Erik Olson and Stephanie Skaff discuss "Platform Ecosystems: Computer Fraud and Abuse Act and Other Scraping Law Developments." Web scraping has existed as long as the World Wide Web has, and as data has...

Read More
Publication

Privacy Policy Best Practices for Nonprofits

Welcome to EO Radio Show – Your Nonprofit Legal Resource . I’m happy to have my colleague Nate Garhart back for a discussion on privacy laws and how they affect website content development and online...

Read More
Publication

Cybersecurity Regulation: Key Takeaways From an Unusual FTC Order That Will Follow CEO for a Decade

The FTC recently issued a proposed order that would settle an enforcement action against Drizly, LLC and its co-founder and CEO, James Rellas, arising from data breaches in 2018 and 2020 that affected over...

Read More
Publication

California Passes Landmark Privacy Protections for Children With Big Implications for Online Providers

Governor Newsom recently signed into law AB 2273 , the California Age-Appropriate Design Code Act (CA AADCA), making California the first state to pass broad privacy protections for children. The CA AADCA is modeled...

Read More
Publication

California Attorney General Announces Enforcement Sweep of Mobile Applications

Shortly before Privacy Day, California Attorney General (Cal AG) Rob Bonta  announced  a California Consumer Privacy Act (CCPA) enforcement sweep that targeted mobile applications. The sweep focused on popular apps in the retail, travel...

Read More
Publication

I Always Feel Like AI Is Watching Me: Artificial Intelligence and Privacy

ChatGPT got the early press, and every day we learn of new generative artificial intelligence products that can create new and creative visual and text responses to human input. Following on ChatGPT’s fame, Google’s...

Read More
Publication

What Recent Rulings in 'hiQ v. LinkedIn' and Other Cases Say About the Legality of Data Scraping

LinkedIn obtained a permanent injunction on Dec. 6 in its six-year-old lawsuit against data scraping company hiQ Labs, which LinkedIn quickly cheered as a “final, decisive victory” that established an “important legal precedent.” While...

Read More
Publication

Nonprofit Websites and Terms of Use - Best Practices and Common Pitfalls

Welcome to EO Radio Show – Your Nonprofit Legal Resource . Happy New Year, everyone!  In episode 26, Cynthia Rowland and her guest Nate Garhart discuss websites and terms of use and the legal concepts...

Read More